
IP Address to Allow or Block the access #8649


Navneet@aol.com.au created
  • ABP Framework version: v9.0.1
  • UI Type: MVC
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) / MongoDB
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hello Team,

I have a security requirement: is there any way I can assign IP addresses to an OpenIddictApplication to allow and block based on IPs?

If something is not available out of the box, any guide will be helpful, such as which place I can debug for incoming requests. It needs to be client-based, not global access control.

Thanks, Navneet


1 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    https://abp.io/support/questions/8650/Limit-the-access-to-Application-in-MVC

    It seems to be the same issue; you can override TokenController.Password.

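    // Usings for the framework types below; the namespaces of the ABP account-module
    // types (LoginModel, OpenIddictSupportedLoginModel, ...) depend on the packages you use.
    using System.Collections.Generic;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Extensions.Logging;
    using OpenIddict.Abstractions;
    using OpenIddict.Server.AspNetCore;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp.OpenIddict.Controllers;
    using Volo.Abp.Uow;

    public class MyTokenController : TokenController
    {
        [UnitOfWork]
        protected override async Task<IActionResult> HandlePasswordAsync(OpenIddictRequest request)
        {
            var clientId = request.ClientId;
            var remoteIp = HttpContext.Connection.RemoteIpAddress;

            // Placeholder kept from the original snippet: get the client from the repository
            // and check IP (compare remoteIp with the addresses allowed for clientId).
            // Until that check is implemented, every request is rejected.
            var ipAllowed = false;

            if (!ipAllowed)
            {
                Logger.LogInformation("IP not allowed: {Username}", request.Username);
                var errorDescription = "IP not allowed!";

                var properties = new AuthenticationProperties(new Dictionary<string, string>
                {
                    [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
                    [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = errorDescription
                });

                return Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
            }

            // IP is allowed: continue with the standard password flow.
            return await base.HandlePasswordAsync(request);
        }
    }

    [ExposeServices(typeof(LoginModel))]
    [Dependency(ReplaceServices = true)]
    public class MyCustomLoginModel : OpenIddictSupportedLoginModel
    {
        public MyCustomLoginModel(
            IAuthenticationSchemeProvider schemeProvider, IOptions<AbpAccountOptions> accountOptions,
            IAbpRecaptchaValidatorFactory recaptchaValidatorFactory, IAccountExternalProviderAppService accountExternalProviderAppService,
            ICurrentPrincipalAccessor currentPrincipalAccessor, IOptions<IdentityOptions> identityOptions,
            IOptionsSnapshot<reCAPTCHAOptions> reCaptchaOptions, AbpOpenIddictRequestHelper openIddictRequestHelper)
            : base(schemeProvider, accountOptions, recaptchaValidatorFactory, accountExternalProviderAppService,
                currentPrincipalAccessor, identityOptions, reCaptchaOptions, openIddictRequestHelper)
        {
        }

        public override async Task<IActionResult> OnGetAsync()
        {
            var openIddictRequest = await OpenIddictRequestHelper.GetFromReturnUrlAsync(base.ReturnUrl);
            var clientId = openIddictRequest?.ClientId;
            var remoteIp = HttpContext.Connection.RemoteIpAddress;

            // Placeholder kept from the original snippet: get the client from the repository
            // and check IP. Until that check is implemented, the login page always shows the alert.
            var ipAllowed = false;

            if (!ipAllowed)
            {
                Logger.LogInformation("IP not allowed for client {ClientId}", clientId);
                Alerts.Danger(L["IPNotAllowed"]);
                return Page();
            }

            return await base.OnGetAsync();
        }
    }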
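
One way to implement the per-client IP check that the answer's code leaves as a comment, as an added example (not code from the answer or from ABP). `ClientIpAllowList`, the client ids and the address ranges are made up for illustration; the code assumes .NET 8 or later for `System.Net.IPNetwork`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Hypothetical helper (not an ABP or OpenIddict type): client_id -> allowed CIDR ranges.
public sealed class ClientIpAllowList
{
    private readonly Dictionary<string, IPNetwork[]> _rangesByClient;
    public ClientIpAllowList(IDictionary<string, string[]> cidrsByClient)
    {
        // IPNetwork.Parse throws on malformed CIDR text, so a bad entry fails at startup.
        _rangesByClient = cidrsByClient.ToDictionary(
            pair => pair.Key,
            pair => pair.Value.Select(cidr => IPNetwork.Parse(cidr)).ToArray(),
            StringComparer.Ordinal);
    }

    public bool IsAllowed(string? clientId, IPAddress? remoteIp)
    {
        // Fail closed: missing client id, missing address or unlisted client means deny.
        if (string.IsNullOrEmpty(clientId) || remoteIp is null ||
            !_rangesByClient.TryGetValue(clientId, out var ranges))
        {
            return false;
        }

        // A dual-stack listener reports IPv4 callers as ::ffff:a.b.c.d; normalise first.
        var ip = remoteIp.IsIPv4MappedToIPv6 ? remoteIp.MapToIPv4() : remoteIp;
        return ranges.Any(range => range.Contains(ip));
    }
}
public static class Program
{
    public static void Main()
    {
        // Constructed sample data: made-up client ids, documentation address ranges.
        var allowList = new ClientIpAllowList(new Dictionary<string, string[]>
        {
            ["Partner_App"] = new[] { "203.0.113.0/24", "2001:db8::/32" },
            ["Batch_Job"] = new[] { "198.51.100.7/32" }
        });
        foreach (var (client, ip) in new[] { ("Partner_App", "203.0.113.10"),
            ("Partner_App", "::ffff:203.0.113.10"), ("Batch_Job", "203.0.113.10"), ("Unknown", "198.51.100.7") })
        {
            Console.WriteLine($"{client} from {ip}: {allowList.IsAllowed(client, IPAddress.Parse(ip))}");
        }
    }
}
```

Behind a reverse proxy or load balancer, `HttpContext.Connection.RemoteIpAddress` is the proxy's address unless ASP.NET Core's forwarded headers middleware is configured with the trusted proxies, so the check is only as reliable as that configuration.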
    
Made with ❤️ on ABP v9.2.0-preview. Updated on February 05, 2025, 09:22